As usual, I woke up seconds after dying on my bed, and came up with the method to implement OpenPGP-Encrypted HTTP Requests. The idea is quite simple.

Server side, from within a virtual host you create a location called, for example, "/crypthandler". Then you assign a special mod_auth_openpgp handler to it.

Client side, when Enigform is asked to encrypt, or sign+encrypt a request, it first signs it so the X-OpenPGP headers get added. Then, the encryption process encapsulates the whole request's headers and body, and encrypts it. Afterwards, this is what gets sent to the server (all this might get improved, this is just the bare-bones idea, no mime-type, no nothing here):

The crypthandler decrypts the message (of course, it should be addressed to the virtual host's PGP key!). The message, when decrypted, is an encapsulated HTTP request, complete with method, path, headers, cookies and body [if POST]. The handler does a sub-request, and sends back the response obtained (probably in encrypted form, too, if requested).

I also believe the handler could connect to a different host, virtually creating private sites that could only be accessed through an OpenPGP-encrypted request, or encrypted proxies, etc, etc, etc.
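An added illustration, not code from mod_auth_openpgp or Enigform: once the handler has decrypted the message, the encapsulated request is still sender-controlled input, so it should be parsed strictly and pinned to the hosts the handler is meant to serve before any sub-request is made. The Python sketch below assumes decryption has already happened, that X-OpenPGP signature checking is done elsewhere, and uses a made-up host allowlist and method policy.

```python
# Added illustration, not mod_auth_openpgp or Enigform code. Assumes the OpenPGP
# layer has already decrypted the message and handed over the plaintext bytes.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed policy
ALLOWED_HOSTS = {"secure.example.org"}     # assumed: hosts this handler may serve

class InnerRequestError(ValueError):
    """The decrypted payload is not a request the handler should replay."""

def parse_inner_request(plaintext, allowed_hosts=ALLOWED_HOSTS):
    head, sep, body = plaintext.partition(b"\r\n\r\n")
    if not sep:
        raise InnerRequestError("missing header/body separator")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise InnerRequestError("malformed request line")
    method, path = parts[0], parts[1]
    if method not in ALLOWED_METHODS:
        raise InnerRequestError("method not allowed")
    # Origin-form paths only: an absolute URI would let the sender choose the
    # backend the sub-request goes to.
    if not path.startswith("/") or path.startswith("//"):
        raise InnerRequestError("path must be origin-form")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise InnerRequestError("malformed header line")
        key = name.lower()
        if key in headers and key in ("host", "content-length"):
            raise InnerRequestError("duplicate " + key)
        headers[key] = value.strip()
    if headers.get("host", "").lower() not in allowed_hosts:
        raise InnerRequestError("host not served by this handler")
    if "transfer-encoding" in headers:
        raise InnerRequestError("chunked inner bodies not accepted")
    length = headers.get("content-length", "0")
    if not (length.isascii() and length.isdigit()) or int(length) != len(body):
        raise InnerRequestError("Content-Length does not match body")
    if body and method != "POST":
        raise InnerRequestError("body only expected on POST")
    return method, path, headers, body

# Constructed sample of a decrypted payload (not captured traffic).
SAMPLE = (b"POST /private/form HTTP/1.1\r\nHost: secure.example.org\r\n"
          b"Cookie: sid=constructed\r\nContent-Length: 7\r\n\r\na=1&b=2")

if __name__ == "__main__":
    print(parse_inner_request(SAMPLE)[:2])
```

If the handler is ever pointed at other backends, the allowlist is the place to name them explicitly rather than trusting the inner Host header.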

It's almost finished. I had to learn how to write a connection-level Apache input filter, but...

It's taking long because I'm about to re-implement the code using my 3rd approach. The first two were useful to learn input filter programming, but the 3rd generation/implementation will be quite solid, I guess.

The problem is that, browser-side, an input/output filtering mechanism should exist, and Mozilla does not provide that. I'm about to open an issue at Mozilla's Bugzilla about this. I have support from a couple of mozdev.org guys, we'll see what happens.